The ‘Be afraid; be very afraid; be very, very afraid; and then buy my product’ scam

One of the things I really dislike about the security industry is the prevalent doom and gloom attitude it promotes. It may be their function to keep us safe; but it is in their interests to keep us afraid – if we’re not afraid, we won’t buy their products. Fear sells.

So the news is full of

99.99% of all email is spam (the rest is spear phishing)

cyberwar between the USA/UK and China has already started

most people will suffer identity theft next week

software piracy loses the industry more than the UK’s national debt every 10 seconds

one in three people is a hacker; one in three is a spammer; and one in three sells security

I exaggerate. A little. But here’s the latest:

As US IT security experts and liberty organisations discuss the ramifications of the recent effective shutdown of the Internet in Egypt – and whether President Obama should have access to an Internet `kill switch’ – the organisers of Infosecurity Europe show are saying that the saga highlights the need for IT contingency planning.

According to Claire Sellick, Event Director for Infosecurity Europe, the lessons coming out of the Egypt net shutdown – and the fact that the US government is now talking about having access to a similar `shutdown button’ for the US side of the Internet – should act as a red flag to IT managers in organisations of all sizes.

That’s the fear. Here’s the sell:

“Of course, gaining access to information on these topics is a not as easy as you might think. Fortunately, help is at hand in the shape of the free educational seminar programs we are planning for the Infosecurity Europe show, which takes place at Earls Court, London 19-21 April 2011 http://www.infosec.co.uk,&#8221; she added.

But this is what Jason Easley wrote in Politicususa:

After Egypt shut down their Internet service, the US Senate in their infinite wisdom decided to take up Joe Lieberman’s Protecting Cyberspace as a National Asset Act of 2010 a.k.a. the Internet kill switch bill. There is a great deal of concern over the bill, but the one thing that the legislation does not contain is an Internet kill switch. In fact, national cyber security guidelines are going to be developed with the private sector. The so called Internet kill switch started as a right wing talking point that has seeped into the national discussion.Debunking The Myth of Obama’s Internet Kill Switch

But that’s the problem. No fear, no sale. So if a security salesmen tries to panic you – go elsewhere. Find one – and they do exist – who will explain the situation rationally; beware of the ‘buy my safety’ scam.